Cisco Patches Vulnerabilities in VPN Client, ACE Product

Cisco warned customers Wednesday of several vulnerabilities in its AnyConnect Secure Mobility virtual private network (VPN) client, claiming that if not patched, the VPN software could be exploited by a remote attacker.

The holes are present in versions of Cisco’s VPN client for Microsoft’s Windows as well as the Linux and Apple OS X systems. Apple’s iOS, Google’s Android and Cisco’s Cius platforms are not affected, according to the alert yesterday.

The VPN software can be deployed through the web or as desktop software by end-users. In a malicious attack against the web-based version, the AnyConnect client could be tricked into thinking certain sites are trustworthy and potentially get an unsuspecting user to download a malicious component, according to the advisory.

Because all of the flaws are exploited through the software’s update mechanism, all versions of the client are vulnerable, including those deployed on the web. The arbitrary code execution vulnerability could allow an attacker to remotely execute code on systems via ActiveX or Java, both of which help run the web version of Cisco’s VPN client.

The software downgrade vulnerability could allow an attacker to downgrade the VPN client to an older version and then exploit previously patched holes.
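The sketch below is an added example, not Cisco's code or anything taken from the advisory. It shows the checks an update mechanism needs to resist a downgrade of this kind: authenticate the update manifest, bind the package to it, and refuse any version that is not newer than the installed one. The manifest format, function names, key and version numbers are all constructed for illustration, and the HMAC stands in for a real vendor signature.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real updater would verify an asymmetric vendor
# signature with a pinned public key instead of a shared HMAC secret.
DEMO_KEY = b"constructed-demo-key"


def parse_version(text):
    """Turn '2.1.0' into (2, 1, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def sign_manifest(manifest_bytes, key=DEMO_KEY):
    """Produce the authentication tag the (hypothetical) vendor would attach."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def accept_update(manifest_bytes, tag, package, installed, key=DEMO_KEY):
    """Return (accepted, reason) for an update offered to the client."""
    # 1. Authenticate the manifest before trusting any field inside it.
    if not hmac.compare_digest(sign_manifest(manifest_bytes, key), tag):
        return False, "manifest not authenticated"
    manifest = json.loads(manifest_bytes)
    # 2. Bind the downloaded package to the authenticated manifest.
    if hashlib.sha256(package).hexdigest() != manifest["sha256"]:
        return False, "package hash mismatch"
    # 3. Anti-rollback: an authentic but older release is still rejected.
    if parse_version(manifest["version"]) <= parse_version(installed):
        return False, "version not newer than installed"
    return True, "ok"


def make_offer(version, package):
    """Build a constructed (manifest, tag) pair for the demo below."""
    body = json.dumps({"version": version,
                       "sha256": hashlib.sha256(package).hexdigest()}).encode()
    return body, sign_manifest(body)


if __name__ == "__main__":
    pkg = b"constructed package bytes"
    for version in ("2.1.0", "2.0.5"):
        manifest, tag = make_offer(version, pkg)
        print(version, accept_update(manifest, tag, pkg, installed="2.0.9"))
```

Step 3 is the one that matters for the downgrade case: an older release can carry a perfectly valid vendor signature, so authentication alone does not stop a rollback.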

Cisco’s Product Security Incident Response Team (PSIRT) offers further information on the vulnerabilities, including software updates that address the flaws, along with several workarounds on the Security Advisory section of the company’s site.
